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November 6, 2013 


Attorney General Martha Coakley 
Office of the Attorney General 
One Ashburton Place 
Boston, MA 02108 



Re: Information Security Event 


Dear Attorney General Coakley: 

On October 4,1 received a letter from Richard Novitch, Esq., a copy was also sent to your office and is 
att ached hereto for your reference. Mr. Novitch represents and is opposing counsel to me 

in a probate court divorce matter pending in Middlesex County. The letter from Mr. 

Novitch states that on or about October 2, 2013 his client, received a box of confidential paper 

documents (storage box) at his apartment door with a hand written note from a n unknown third party 
stating they h ad found the documents in the p arking garage. Coincidentally, both ^^^^^|and I reside 
separately, at also we both park our cars 

the same garage. was not able to produce the note from the alleged third party after multiple 

requests. To my best recollection, I had placed the storage box in my locked rental car, which is my 
standard practice. According to the building management, an investigation was conducted of all 
employees, security staff and maintenance workers of t he building and not one person had ever seen the 
storage box in the garage or the hallway by apartment. 

Pursuant to M.G.L. c. 93H s. (3)b, I am writing to notify you of an unauthorized access of personal 
information as described in the paragraph above, to the best of my knowledge involving up to three (3) 
Massachusetts residents. Ail thre e residents ha ve been on notice of this incident either through immediate 
direct phone contact by me, or in case, due to his possession of the box and his review of its 

contents as stated in Mr. Novitch’s letter. The affected Massachusetts residents will shortly receive 
written notice via United States Postal Service mail of the possible unauthorized access to their personal 
information, a copy of the notice is provided herein. 

Upon discovery of the incident through the receipt of the letter from Mr. Novitch, I engaged the Ashcroft 
Law Firm to negotiate the return of the storage box from Mr. Novitch and his firm Lander & Lander. This 
process was unduly complicated by Mr. Novitch’s demands for an inventory of all of the contents of the 
storage box, despite their being other client information therein and his insistence to attempt delivery of 
the storage box to the Massachusetts Board of Bar Overseers, despite their instructions to the contrary. 
During the twelve (12) days that Mr. Novitch retained the storage box, the Ashcroft Law Firm arranged, 
at my expense, on two occasions for the storage box to be picked up by a forensic firm. The return of the 
storage box was refused each time. On the third attempt, the storage box was finally retrieved and the 
documents inventoried by an IT expert at my expense. The documents were examined for personal 
information and two Massachusetts Probate Court Financial Statements were found to contain first and 
last names coupled with unredacted Social Security numbers. I have no information or evidence that the 
personal information has been used for fraudulent purposes or that any third party exists and had access to 
the documents in the storage box. I have not reported the incident to law enforcement as it is my belief the 
box’s removal from my rental car was meant to, and has, caused me expense, humiliation, embarrassment 
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and anxiety from the protracted process of needing to hire legal counsel to have my storage box returned; 
and that doing so at this point will only perpetuate this situation. In a ny case, I will offer credit mo nitoring 
services to each of the affected Massachusetts residents, including and one 

other client. 

In the future, I will review all court filings to detect unredacted personal information and I will not accept 
any court Filings from any other counsel for transport or storage that contain unredacted Social Security 
numbers. Also, I have requested that my residential property management company install security 
cameras to be placed in the parking garage. 

A copy of this letter will be sent to the Director of Consumer Affairs and Business Regulation. Should the 
Office of the Attorney General have any questions or need further information, please feel free to contact: 


Ellen M. Giblin, Esq. 
Ashcroft Law Firm 
One Post Office Square 
Boston, MA 02110 
617.245.2939 

egiblin@ashcroftlawfirm.com 
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LANDER & LANDER, P.C. 

ATTORNEYS AT LAW 
405 COCHITUATE ROAD, SUITE 302 
FRAMINGHAM, MASSACHUSETTS 01701 
WWW.LANDERANDLANDER.COM 

Telephone: (SOB) 879-0046 • Facsimile: (508) 879-1880 


JAY J. LANDER 
STEPHEN N, LANDER 
RICHARD M. NOVITCH* 

S. ROBERT FISH, JR. 

JOHN E, QUIGLEY 
MEGHAN W. ALBERT 
MOLLY R. SQ1FFER 0 

October 4,2013 


MICHELLE L. FEiNBERG* 
Of Counsel 

» Also admitted in Florida 
a A)so admitted in New Hampshire 
“Also admitted in New York 


VIA FACSIMILE, EMAIL 
AND REGULAR MAIL 

Marc Cooper, Esq. 

KATES & BARLOW, PC 
21 Custom House Street 
Boston, Massachusetts 02110 

Re: mmmm 

G.L. c. 93H Violations 

Dear Marc: 

I have in my possession a transparent box from. Staples, which appears to con tain 
hundreds of pages of documents. It was delivered to me by our client, For 

reasons I will shortly explai n, we have n ot gone through its c ontents, or opened it for that matter. 
The box w as left in front apartment door at the complex in 

an unnamed person with a note that it was found in the parking garage. Clearly, 
this unidentified p erson had g one through it sufficiently enough to learn that it contained 
materials related Presumably this is why it was left on his door step. 

Th ere is no question that the box is not mine. Nor is it my client’s. I do understand that 
■■■ has seen you at the same apartment complex in the recent past, and thus I presume that 
you reside in another apartment there, and that the box is yours. 

■^■1 went through the box. 

According to our client, it contains significant, personal and confidential financial 
information related to him and his business, such as deposition transcripts, Rule 401 finan cial 
statements, general le dgers, and an employment agreement. It also contains^H^^H 
Financial Statements, ^^^^^■medical/HPV records and test results, therapy bill, 

Belmont Savings Bank statements and records on the home equity line of credit, and what 
appears to be your personal, handwritten notes. 
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I am further informed from my client that the boxa^WoHfl/^contains records of at least 
five (5) other clients, including visita tion reports of records relating to the 

~ documents on this final 

client contained Rule 401 financial stat ements, a divorce agreement, and li fe insurance 
docum ents. informs me thatlMRipVWHHHV^^Irepresent one of the 

and with this letter I have copied them (as I believe I am ethically and statutorily required 
to do) to take whatever action they deem appropriate on their client’s behalf. 

As it appears that you lost or mislaid this box, which contains records of other clients of 
yours (and what I am told are your hand-written notes), neither I nor any member of my Firm 
have gone through it, I will continue to safeguard it, in my office, until you are (or another 
member of your Firm is) ready to retrieve it. Understand that because of the significant and 
unprecedented breach of security caused by your nonfeasance, carelessness and/or gross 
negligence before you will be allowed to take this box with you, you will need to inventory its 
contents and sign a receipt. 

At this point, w e do not know how long the box sat, unattended in the parking garage of 
At no time, contrary to either the plain terms of the Confid entiality 
Agreement you signed, or G.L. c. 93H, § 3, had you ever notified me or you had 

lost or misplaced any records with his financial data. At present, we do not know how many 
different people have looked inside the box - though clearly aUeastomeperson did. We do not 
know how many people acqui red, and thus now have use of^^^^m^ersonal financial 
information -- not to mention, HU and the other clients’ information as well. 

In li ght of what appears to be your profound and inexplicable carelessness, please be 
advised that^^^^H intends to hold you fully accountable. He is in the process of pricing out 
credit security, which he will expect you will pay in full. He also is considering hiring legal 
counsel to determine whether and to what extent he has any other civil remedies as a result of 
this serious breach. 

With this letter I have copied the Attorney General’s Office to remedy the violations of c. 
93H. And, I a m making a formal demand for the immediate return of all personal financial data 
of, or related to so that we may tend to its destruction. I trust you understand his and 

our concerns, and that you will promptly return his data, certify that your production is complete 
and that will do so without the need for formal legalproceedings. I lpjJk forward to receiving 
your reply by Monday next, /j[ // 

/ Youfs truly, S / 


RMNihsf 

cc, iMartha Coakley, Esq,, Attorney General 
(via email) 

Stephen N. Lander , Esq. 

(via email only) 

(via email only 








SAMPLE LETTER 


November 6, 2013 

Name 

Address 


Dear Name, 

I am writing to let you know that a recent information security event may have exposed your personal 
information to unauthorized access. In light of this potential access, I am providing you with information 
on your rights and suggestions to safeguard your personal information against potential identity theft, 
both in this particular event and on an ongoing basis. 

First, in an information security event with a potential for identity theft, you have the right to request a 
police report. 

Second, you have the right to request a security freeze on your credit report, which would prevent 
consumer credit reporting agencies from releasing any of your information without your explicit consent. 
Each bureau may charge you a fee of up to $5 to place a freeze. To request a freeze, you must contact 
each major credit bureau with the required information: 


Equifax Security Freeze 
P.O. Box 105788 
: Atlanta, GA 30348 
Required Information : 

Full name, current 
; residential address, date of 
birth, Social Security 
number, and proof of 
current address (such as a 
utility bill) 


i 

I 

! 


Experian Security Freeze 
I P.O. Box 9554 
Allen, TX 75013 
I Required Information : 

I Full name including middle 
initial and generation (Sr., 
Jr., Ill) if relevant, current 
I residential address and 
| previous addresses for the 
past two years, date of birth, 
Social Security number, a 
recent utility bill or 
I bank/insurance statement, 
i and a legible copy of a 
; government issued 
| identification card (such as 
i a driver’s license) showing 
: your name and current 
mailing address plus the 
i date of issue 


TransUnion Security Freeze 
P.O. Box 6790 
I Fullerton, CA 92834-6790 
Required Information : 

Full name, current residential 
address, Social Security 
number, proof of residence 
(such as a legible copy of a 
driver’s license), and credit 
; card number/expiration date to 
pay the $5 fee 











SAMPLE LETTER 


I have taken the following steps to address this potential unauthorized access: 

• I have notified the following consumer credit reporting agencies of the incident: 

• Experian: 888-397-3742 

■ Equifax: 877-478-7625 

■ TransUnion: 800-680-7289 

• I have arranged for you to be provided with one year of credit monitoring at no cost to 
you. Experian will provide the ProtectMylD® credit monitoring and you may enroll 
online. The website for enrollment is wvv w.protectmvid.com/enro 11 and your personal 
access code is ECDCVFRGH. 

Additional steps you may wish to take to further protect yourself include: 

• Review recent activity on your accounts so that unauthorized activity can be noticed 
promptly. 

• Consider requesting free copies of your credit report from the three major US credit 
bureaus and reviewing them on an annual basis. Visit www.annualcreditreport.com for 
more information. 

• Place a fraud alert on your credit file in response to this incident, which would make it 
more difficult for an identity thief to open a new account in your name. 

To do this, call one of the three main credit bureaus’ toll-free fraud phone numbers with 
your request: 

» Equifax: 877-478-7625 

■ Experian: 888-397-3742 

« TransUnion: 800-680-7289 

I apologize for any inconvenience and concern this situation may cause you. As an attorney, I appreciate 

the privacy of your personal information and will continue efforts to correct the potential exposure and 

ensure it does not reoccur. 

If you have any questions or concerns regarding this notice, please contact: 

Ellen M. Giblin, Esq. 

Ashcroft Law Firm 
One Post Office Square 
Boston, MA 02110 
617.245.2939 Phone 
egiblin@ashcroftlawfirm.com 

Sincerely, 

Marc Cooper, Esq. 

Kates & Barlow, P.C. 

Custom House Street, Suite 92021 

Boston, MA 02110 







